Vulnerability Assessment

Industry-leading automated scanners, configured with optimized settings, are utilized to analyze the target environment. This process discovers misconfigurations, unsupported software, missing patches, unintentionally open services, and publicly disclosed exploits, to name a few. The information can then be used to formulate a plan to eliminate the threats or reduce them to an acceptable level of risk.

TrustedSec performs this assessment from not only a secure public server, but also through our TrustedSec Attack Platform or “TAP” device. TrustedSec offers Vulnerability Assessments as a standalone service, but also includes scanning at the end of our Penetration Tests. The vulnerability scanning phase is used as validation to ensure only the most common exposures were identified, as well as confirms that each of the findings identified through vulnerability scanning is validated.

The TrustedSec consultants perform validation of the discovered vulnerabilities, excluding denial-of-service (DoS), and removes all false-positives.

Our report outlines various findings and includes the pertinent validation screenshot or data.

The findings are then categorized by Common Vulnerability Scoring System version 3 (CVSSv3). The report includes a description of the vulnerability, affected hosts, TrustedSec’s recommended remediation, and applicable reference sources.

TrustedSec then weighs this score and assesses the impact to establish a risk-rating. This information can then be used in conjunction with a Vulnerability Management Program to identify and remediate exposures that compromise and reduce the effectiveness of the information security program.